What's the GDPR and why do we need it?
The General Data Protection Regulation (GDPR), has been in the international news a lot. But what’s it all about?
In May 2018, the European Union’s General Data Protection Regulation came into effect. It has been considered a major milestone in addressing individuals’ rights relating to data privacy.
What’s in the regulation?
‘…regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU.
It doesn’t apply to the processing of personal data of deceased persons or of legal entities.
The rules don’t apply to data processed by an individual for purely personal reasons or for activities carried out in one’s home, provided there is no connection to a professional or commercial activity.’1
This statement already gives a good overview. However, there are a few terms in this statement that we can clarify further.
Personal data includes:2
- ‘…any information that relates to an identified or identifiable living individual.’
- separate pieces of information that can collectively lead to the identification of an individual
- data that has been in some form anonymised but can still be used to identify an individual.
The GDPR applies to personal data in any form. For example, not just digital records, but also paper-based records.
Processing covers any operation that involves personal data, whether it is automated or manual. It includes the,
‘collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.’3
Does the regulation apply to me?
The GDPR is about data relating to individuals in the EU. This means that foreigners visiting the EU are covered under the regulation, but EU citizens living abroad and dealing with non-EU organisations are not. The rights that the GDPR gives to individuals in the EU include:4
- clear and transparent information on how their data is processed
- access to view their data
- transfer of their data from one data-processing organisation to another
- deletion of their data
- explicit indication of consent required to process their data
- information when their data is lost or stolen
- adaptation of information to suit children’s needs.
In the next step we will discuss the implications of the GDPR.
Comment on something that you didn’t know about the GDPR.
Share your thoughts in the comments.
European Commission. What does the General Data Protection Regulation (GDPR) govern? [online]. No date [cited 2018 Dec 05]. Available from: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en ↩
European Commission. What is personal data? [online]. No date [cited 2018 Dec 05]. Available from: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en ↩
European Commission. What constitutes data processing? [online]. No date [cited 2018 Dec 05]. Available from: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-constitutes-data-processing_en ↩
European Union. EU Data Protection Reform: better data protection rights for European citizens; 2018 [cited 2018 Dec 05]. Available from: https://ec.europa.eu/commission/sites/beta-political/files/data-protection-factsheet-citizens_en_1.pdf ↩
© Griffith University